The macOS system must issue or obtain public key certificates under an appropriate certificate policy from an approved service provider.
DISA Rule
SV-225204r610901_rule
Vulnerability Number
V-225204
Group Title
SRG-OS-000066-GPOS-00034
Rule Version
AOSX-15-003001
Severity
CAT I
CCI(s)
- CCI-000185 - The information system, for PKI-based authentication, validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information.
- CCI-002450 - The information system implements organization-defined cryptographic uses and type of cryptography required for each use in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
Weight
10
Fix Recommendation
Obtain the approved DOD certificates from the appropriate authority. Use Keychain Access from "/Applications/Utilities" to add certificates to the System Keychain.
Check Contents
To view a list of installed certificates, run the following command:
/usr/bin/sudo /usr/bin/security dump-keychain | /usr/bin/grep labl | awk -F\" '{ print $4 }'
If this list does not contain approved certificates, this is a finding.
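One way to turn the check above into a pass/fail comparison, as an added example that is not part of the STIG text. The approved labels and the sample dump are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare keychain certificate labels with an approved list.
# APPROVED_LABELS holds constructed placeholder names, not real DoD CA names.
APPROVED_LABELS='Example Approved Root CA 1
Example Approved Issuing CA 2'

# Constructed sample in the layout printed by `security dump-keychain`.
sample_dump() {
cat <<'EOF'
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Example Approved Root CA 1"
    "labl"<blob>="Example Approved Root CA 1"
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "labl"<blob>="Example Unrelated CA"
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "labl"<blob>=<NULL>
EOF
}

# Same extraction as the check command: the 4th double-quote-delimited
# field of each labl line. Unlabelled items (<NULL>) are skipped.
extract_labels() {
  grep '"labl"' | awk -F'"' 'length($4) { print $4 }' | sort -u
}

# Reads a keychain dump on stdin, prints each approved label that is
# absent, and returns 1 (a finding) if any are missing.
missing_approved() {
  installed=$(extract_labels)
  status=0
  while IFS= read -r want; do
    if ! printf '%s\n' "$installed" | grep -qxF -- "$want"; then
      printf 'MISSING: %s\n' "$want"
      status=1
    fi
  done <<EOF
$APPROVED_LABELS
EOF
  return $status
}

# On a Mac: /usr/bin/sudo /usr/bin/security dump-keychain | missing_approved
sample_dump | missing_approved || echo "Finding: approved certificates missing"
```

A matching label only identifies a candidate, since labels are not unique; confirm each certificate against the copy obtained from the approved authority.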
Documentable
False
Check Content Reference
M
Target Key
4212